Merge 2.16.0 to 3.x

.htaccess

@@ -97,21 +97,31 @@
     </IfModule>
 </IfModule>
 
-# Denie access via HTTP requests to all PHP files.
-<Files "*.php">
-    Require all denied
-</Files>
+# Apache 2.4+
+<IfModule authz_core_module>
+    # Deny access via HTTP requests to all PHP files.
+    <FilesMatch "\.php$">
+        Require all denied
+    </FilesMatch>
+
+    # Except those whitelisted bellow.
+    <FilesMatch "^(index|index_dev|filemanager|upgrade)\.php$">
+        Require all granted
+    </FilesMatch>
+</IfModule>
+
+# Fallback for Apache < 2.4
+<IfModule !authz_core_module>
+    # Deny access via HTTP requests to all PHP files.
+    <FilesMatch "\.php$">
+        Order deny,allow
+        Deny from all
+    </FilesMatch>
+
+    # Except those whitelisted bellow.
+    <FilesMatch "^(index|index_dev|filemanager|upgrade)\.php$">
+        Order allow,deny
+        Allow from all
+    </FilesMatch>
+</IfModule>
 
-# Except those whitelisted bellow.
-<Files "index.php">
-    Require all granted
-</Files>
-<Files "index_dev.php">
-    Require all granted
-</Files>
-<Files "filemanager.php">
-    Require all granted
-</Files>
-<Files "upgrade.php">
-    Require all granted
-</Files>

app/bundles/CoreBundle/Config/config.php

@@ -1080,7 +1080,7 @@
         'batch_campaign_sleep_time' => false,
         'cors_restrict_domains'     => true,
         'cors_valid_domains'        => [],
-        'rss_notification_url'      => 'https://mautic.com/?feed=rss2&tag=notification',
+        'rss_notification_url'      => '',
         'translations_list_url'     => 'https://language-packs.mautic.com/manifest.json',
         'translations_fetch_url'    => 'https://language-packs.mautic.com/',
         'system_update_url'         => 'https://updates.mautic.org/index.php?option=com_mauticdownload&task=checkUpdates',

app/bundles/CoreBundle/Helper/CookieHelper.php

@@ -15,11 +15,12 @@
 
 class CookieHelper
 {
-    const SAME_SITE_NONE = '; samesite=none';
+    const SAME_SITE       = '; SameSite=';
+    const SAME_SITE_VALUE = 'None';
     private $path;
     private $domain;
-    private $secure   = false;
-    private $httponly = false;
+    private $secure       = false;
+    private $httponly     = false;
     private $request;
 
     /**
@@ -72,20 +73,37 @@ public function setCookie($name, $value, $expire = 1800, $path = null, $domain =
         }
 
         // If https, SameSite equals None
-        $sameSiteNoneText = '';
+        $sameSiteNoneText             = '';
+        $sameSiteNoneTextGreaterPhp73 = null;
         if (true === $secure or (null === $secure and true === $this->secure)) {
-            $sameSiteNoneText = self::SAME_SITE_NONE;
+            $sameSiteNoneText             = self::SAME_SITE.self::SAME_SITE_VALUE;
+            $sameSiteNoneTextGreaterPhp73 = self::SAME_SITE_VALUE;
         }
 
-        setcookie(
-            $name,
-            $value,
-            ($expire) ? (int) (time() + $expire) : null,
-            ((null == $path) ? $this->path : $path).$sameSiteNoneText,
-            (null == $domain) ? $this->domain : $domain,
-            (null == $secure) ? $this->secure : $secure,
-            (null == $httponly) ? $this->httponly : $httponly
-        );
+        if (version_compare(phpversion(), '7.3', '>=')) {
+            setcookie(
+                $name,
+                $value,
+                [
+                    'expires'  => ($expire) ? (int) (time() + $expire) : null,
+                    'path'     => ((null == $path) ? $this->path : $path),
+                    'domain'   => (null == $domain) ? $this->domain : $domain,
+                    'secure'   => (null == $secure) ? $this->secure : $secure,
+                    'httponly' => (null == $httponly) ? $this->httponly : $httponly,
+                    'samesite' => $sameSiteNoneTextGreaterPhp73,
+                ]
+            );
+        } else {
+            setcookie(
+                $name,
+                $value,
+                ($expire) ? (int) (time() + $expire) : null,
+                ((null == $path) ? $this->path : $path).$sameSiteNoneText,
+                (null == $domain) ? $this->domain : $domain,
+                (null == $secure) ? $this->secure : $secure,
+                (null == $httponly) ? $this->httponly : $httponly
+            );
+        }
     }
 
     /**

app/bundles/CoreBundle/Tests/Unit/Helper/CookieHelperTest.php

@@ -50,7 +50,7 @@ public function testSetCookieWhenSecure()
         $cookieHelper->setCookie($cookieName, 'test');
 
         $cookie = $this->getCookie($cookieName);
-        $this->assertContains('samesite=none', $cookie);
+        $this->assertContains('SameSite=None', $cookie);
         $this->assertContains('secure', $cookie);
     }
 
@@ -75,7 +75,7 @@ public function testSetCookieWhenNotSecure()
         $cookieHelper->setCookie($cookieName, 'test');
 
         $cookie = $this->getCookie($cookieName);
-        $this->assertNotContains('samesite=none', $cookie);
+        $this->assertNotContains('SameSite=None', $cookie);
         $this->assertNotContains('secure', $cookie);
     }